Botnet Bust: DOJ Targets Gameover Zeus, Cryptolocker

The Justice Department has announced the disruption of the Gameover Zeus botnet, and says that 30-year-old Russian national Evgeniy Mikhailovich Bogachev has been charged over his alleged role as administrator. The department also says it separately went after the “ransomware” known as Cryptolocker.

From the DOJ’s announcement:

Gameover Zeus, also known as “Peer-to-Peer Zeus,” is an extremely sophisticated type of malware designed to steal banking and other credentials from the computers it infects. Unknown to their rightful owners, the infected computers also secretly become part of a global network of compromised computers known as a “botnet,” a powerful online tool that cyber criminals can use for numerous criminal purposes besides stealing confidential information from the infected machines themselves.

The Justice Department says security researchers estimate that between 500,000 and 1 million computers worldwide are infected with the malware, roughly 25 percent of them located in the U.S.:

The principal purpose of the botnet is to capture banking credentials from infected computers. Those credentials are then used to initiate or re-direct wire transfers to accounts overseas that are controlled by cyber criminals. The FBI estimates that Gameover Zeus is responsible for more than $100 million in losses.

The Justice Department says victims can go here for help removing Gameover Zeus. The British government estimates that there’s a two-week window for computer users to take action to reduce the impact of the malware on the public.

The DOJ also says it led a “separate multi-national action to disrupt the malware known as Cryptolocker (sometimes written as ‘CryptoLocker’), which began appearing about September 2013 and is also a highly sophisticated malware that uses cryptographic key pairs to encrypt the computer files of its victims.”

The ransomware, according to the Justice Department, forces victims to pay hundreds of dollars in order to unlock their files. The DOJ says that the malware is estimated to have infected more than a quarter million computers:

Security researchers estimate that, as of April 2014, Cryptolocker had infected more than 234,000 computers, with approximately half of those in the United States. One estimate indicates that more than $27 million in ransom payments were made in just the first two months since Cryptolocker emerged.

For more on what happened, here’s assistant attorney general Leslie R. Caldwell’s prepared statement.